Next-Gen CASB Blog

Second Gen CASBs Take the Lead

Interest in cloud security continues to increase as enterprises move to adopt cloud applications, with cloud access security brokers becoming the de facto security choice. Agile, cloud-first organizations are leading the charge to these more flexible applications, but now, large, security conscious, regulated companies are also going cloud. Security is a key pillar for all that adopt these apps. A good synopsis of what we see as the dual-edged sword is explained by Jay Heiser as follows:

"Security continues to be the most commonly cited reason for avoiding the use of public cloud," said Jay Heiser, research vice president at Gartner. "Yet paradoxically, the organizations already using the public cloud consider security to be one of the primary benefits.”1

Cloud platforms do a great job at protecting their infrastructure from risks, threats, attacks, and uptime, however, they leave the protection of corporate data up to IT security and application teams. Sometimes the apps have licensable add-ons that enable data protection (e.g. download controls, DRM, external sharing), but oftentimes external security solutions are necessary. Additionally, it is rare for a SaaS provider to offer comprehensive protections for competing or complementary external applications. This is why most companies end up adopting third-party security solutions.

In Gartner's latest Hype Cycle2, cloud access security brokers(CASB) have entered the Trough of Disillusionment. “When a technology does not live up to the hype of the peak of inflated expectations, it becomes unfashionable and moves along the cycle to the trough of disillusionment.”

At Bitglass, we see the trough as a phase where organizations realize the capabilities they need don’t align with the features they have purchased. This is happening to organizations that purchased a first generation CASB, where the solutions were focused on "Cloud Application Discovery." Many early CASB adopters are now shopping for their second CASB as they realize that their first generation vendor is unable to provide a compelling data protection offering.

Today's enterprises need data protection and second generation CASB vendors have become a necessity. Second generation CASB architectures still provide App Discovery functionality, however they are built from the ground up to protect data across cloud and mobile. First generation CASB have a hard time trying to bolt on data protections features to their existing architectures. Enterprises need multi-mode architectures which provide both real-time protection for data-in-transit, as well as control and visibility over data-at-rest in the cloud. Cloud providers make layering multiple security services an impossibility either technically or practically and for that reason second generation CASBs include a comprehensive set of features encompassing data protection, threat protection, identity, mobile security and more.

Over time, comprehensive CASB platforms like Bitglass, uniquely capable of protecting any device, will become the de facto standard for cloud security, encompassing Identity and Access Management, Network DLP, DLP for Mobile Devices, Cloud Application Discovery, Cloud Data Protection and more. Bitglass is also the only CASB with a mobile solution that can replace traditional EMM technologies and enable secure BYOD.

1Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.